send AWS SSO username as a attribute in SAML assertion

0

Someone else has asked a fairly similar question in this forum, but the reply there was "customer service helped me through this. thanks"

I have a setup with AWS SSO and its identity source is AWS SSO (not AD or external)
I have configured some users and am able to integrate fairly successfully with some external applications

However I have an integration with say Jenkins and the default attribute mapping puts Subject as ${user:email}
How can I change this to the username in AWS SSO. By this I do not mean the display name of firstname lastname. I want the actual username that is configured in aws sso to be sent. (the one that users login to the AWS SSO user portal with)
I have tried replacing it with $(user.preferredUsername} but that results in the display name in the assertion

On a related note, When i add a completely new attribute to the attribute mapping and call it say "testattr" and then choose ${user:email} the SAML assertion ends up with the exact string ${user:email} instead of the value of the email for the user.

I am sure I am missing something basic, so any help would be appreciated.

Edited by: subkal on Oct 14, 2020 1:06 PM

subkal
已提問 4 年前檢視次數 755 次
2 個答案
0

Try: ${user:subject}, for a native identity source it contains the user login name rather than the email. Hope this helps! K

KrisH
已回答 4 年前
0

Thank you. That worked

subkal
已回答 4 年前

您尚未登入。 登入 去張貼答案。

一個好的回答可以清楚地回答問題並提供建設性的意見回饋,同時有助於提問者的專業成長。

回答問題指南